Shadow Daemon: Web Application Firewall

Shadow Daemon is a collection of tools to detect, protocol and prevent attacks on web applications.
Technically speaking, Shadow Daemon is a web application firewall
that intercepts requests and filters out malicious parameters.
It is a modular system that separates web application, analysis and
interface to increase security, flexibility and expandability.

Shadow Daemon is free software. It is released under the license GPLv2, so its source code can be examined, modified and distributed by everyone.

What differentiates Shadow Daemon?

Ease Of Use

Shadow Daemon is easy to install and can be managed with a clear and
structured web interface.
The interface lets you examine attacks in great detail.
If you just want to protect your site, but otherwise do not care about
attacks you can forget about the web interface once Shadow Daemon is
installed and configured.
The interface also comes with shell scripts that can be used to send
weekly reports via e-mail, rotate the logs and the like.

High Coverage

Shadow Daemon strives to be a single solution for all popular web languages.
At the moment the following programming languages are supported:

  • PHP
  • Perl
  • Python

Accurate Detection

Shadow Daemon combines white- and blacklisting
to accurately detect malicious requests.
The blacklist makes use of sophisticated regular expressions to search
for known attack patterns in the user input.
The whitelist on the other hand searches for irregularities in the user
input based on strict rules that define how the input should look like.
Together they can detect almost any attack on a web application and
still have a very low false-positive rate.

Shadow Daemon is able to detect common attacks like:

  • SQL Injections
  • XML Injections
  • Code Injections
  • Command Injections
  • Cross-Site Scripting
  • Local/Remote File Inclusions
  • Backdoor Access
  • And more …

Discreet Protection

Unlike many other web application firewalls Shadow Daemon does not completely block malicious requests.
Instead it only filters out the dangerous parts of a request and lets it proceed afterwards.
This makes attacks impossible, but does not unnecessary frustrate visitors in the case of false-positives.

Secure Architecture

Shadow Daemon is closer to the application than most other web
application firewalls.
It receives exactly the same input that the web application receives and
thus it is almost impossible to bypass the detection by obfuscating the
attack.
However, the most complex parts of Shadow Daemon are separated from the
web application to guarantee a certain standard of security.

Who should use Shadow Daemon?

Shadow Daemon is for people who want to run their own dynamic website
without constantly having to worry about attacks and vulnerabilities.

Shadow Daemon is for people who want to know if and how their website is attacked.

Shadow Daemon is for people who do not want to blindly place their
trust in non-free software that does its work in secret and costs a
fortune.

How do I install Shadow Daemon?

Getting Started contains everything you need to know. Start by reading shadowd.
Installing Shadow Daemon is easy and only takes some minutes, really.

Read more here.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.